Microsoft 365 Defender researchers disrupted cloud-based infrastructure used by scammers behind large-scale business email compromise (BEC) campaign. Microsoft researchers revealed the entire attack flow behind a recent BEC incident, from the initial access to the victim’s mailboxes to gaining persistence and stealing data using email forwarding rules. BEC attacks have been behind record-breaking financial losses every year since 2018, with reported losses ranging from $10,000 up to $4 million from November 2018 to September 2020.
Source: https://www.bleepingcomputer.com/news/security/microsoft-scammers-bypass-office-365-mfa-in-bec-attacks/